Our compliance manual formalizes an operational discipline: governance, evidence, risk prevention, and client transparency. It applies to our four service pillars, proportionate to risk.
Hipparchus is not a CIF and does not provide CIF services. This manual describes our internal risk-control framework and our interfaces with regulated professionals involved in certain transactions.
Our manual is designed to be auditable: traceability, approvals, and consistent controls.
This page presents principles and operational safeguards; it is not a legal opinion.
Each service triggers a common baseline (ethics, confidentiality, security, evidence) and, where required, enhanced controls (third parties, flows, operational risk).
Controls intensify with risk: size, complexity, jurisdictions, counterparties, and time pressure.
Stakeholder and flow mapping; economic coherence checks.
Conflict-of-interest management and role separation.
Evidence-based decision file: assumptions, scenarios, supporting docs.
Memo, option matrix, decision log, stakeholder map, risk notes, final evidence pack.
Complex structures, cross-border elements, unusual flows, secrecy requests, inconsistent documents.
An internal daily dashboard to run compliance as a system: responsibilities, evidence, controls, incidents, and corrective actions.
Roles, delegations, periodic reviews, decision register
Independence, conflicts, gifts & hospitality, integrity
Clauses, need-to-know, secure channels, least privilege
Proportionate vigilance, red flags, escalation, evidence
Purposes, minimization, retention, rights, request handling
Assessment, clauses, security, continuity, reversibility
Quality of evidence, speed of resolution, and residual risk level — to keep client outcomes predictable.
Completeness score
First feedback
Risk-based
Metrics are internal and indicative; they guide operational discipline rather than replace professional judgment.
Concrete, documented, testable controls. The goal is operational risk reduction and consistently high-quality execution—without unnecessary bureaucracy.
Objectives, constraints, horizon, stakeholders, deliverables.
Assumptions, options, final choice, evidence.
Traceable deliverables, validations, approvals.
Proportionate KYB/KYC, UBOs, mandates.
Open sources, coherence checks, alerts, weak signals.
Flow inconsistencies, unusual urgency, atypical requests.
Encryption, expiring links, access controls, MFA.
Collect only what is needed; reduce exposure surface.
Internal retention/purge, purge evidence.
Peer review for sensitive deliverables (risk/contract).
Qualification, impact, actions, lessons learned.
Priorities, backups, recovery, contact points.
The manual is built to minimize ambiguity: what, why, evidence, and escalation paths.
We apply a risk-based logic: the higher the risk, the stronger the vigilance, documentation, and controls. When obliged entities are involved, their legal obligations prevail and our diligence aligns with that standard.
Unusual amounts, complex structures, pressure to rush, flow inconsistencies, difficulty identifying UBOs, multi-jurisdiction counterparties.
A weak signal is not an accusation: it triggers verification. The manual requires internal escalation, factual documentation, and, if relevant, coordination with obliged actors.
French law sets out obliged entities and the AML/CTF corpus; ACPR/Tracfin joint guidelines frame vigilance and reporting for relevant sectors.
When applicable, reporting duties (e.g., suspicious activity reporting) are handled by the obliged entities according to their legal framework.
The manual governs collection and use of data: explicit purposes, minimization, security, retention, and handling of requests (access, rectification, erasure, objection). If issues persist, CNIL is the reference authority.
Only for defined objectives.
Collect the necessary minimum.
Defined rules and purge evidence.
CNIL typically requires that you first contact the organization before lodging a complaint.
A standardized sequence designed to be client-readable and auditable: what we do, in which order, and with what evidence.
Perimeter, objectives, constraints, stakeholders, timeline, deliverables.
Minimal collection, analysis, assumptions, risk points.
Scenarios, contractual architecture, responsibilities, action plan.
Checks, flow coherence, third-party review, second review if needed.
Argued conclusion, limits, recorded decisions.
Final file: docs, validations, versioning, retention/purge.
We answer with evidence. For a precise request, provide context, objective, and available documents.
Describe your need in a few lines. We will revert with clear framing, a method, and next steps.
